Mozilla Foundation Security Advisory 2009-12

XSL Transformation vulnerability

Announced

March 27, 2009

Reporter

Guido Landi, Andre, Michael Rooney, Martin

Impact

Critical

Products

Firefox, SeaMonkey

Fixed in

Firefox 3.0.8

SeaMonkey 1.1.16

Description

Security researcher Guido Landi discovered that a
XSL stylesheet could be used to crash the browser during a XSL
transformation. An attacker could potentially use this crash to run
arbitrary code on a victim's computer.

This vulnerability was also previously reported as a stability
problem by Ubuntu community member, Andre. Ubuntu
community member Michael Rooney reported Andre's
findings to Mozilla, and Mozilla community member Martin
helped reduce Andre's original testcase and contributed a patch to fix
the vulnerability.